* [LARTC] Doesn´t work
@ 2004-09-18 21:31 XMundo - Soporte Tecnico
  2004-09-18 22:18 ` Brent Clark
  0 siblings, 1 reply; 2+ messages in thread
From: XMundo - Soporte Tecnico @ 2004-09-18 21:31 UTC (permalink / raw)
  To: lartc

I have the following script, written by me, but it doesn't work correctly.
Modem2 (eth2) sends the packets with the source IP of modem1 (eth0).

I'm viewing it with snort (snort -i eth2 -Nv port 80).....

Any idea?

This is my script:
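##################################

IP=/sbin/ip
IPTABLES=/sbin/iptables
MODEM1="eth0"
MODEM2="eth2"
LAN="eth1"

# Forward LAN traffic out of either modem and masquerade it on the way out
$IPTABLES -A FORWARD -i $LAN -o $MODEM1 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM1 -j MASQUERADE
$IPTABLES -A FORWARD -i $LAN -o $MODEM2 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM2 -j MASQUERADE

# Policy routing: select a routing table from the firewall mark
# (the table names must be defined in /etc/iproute2/rt_tables)
$IP rule add fwmark 1 table modem1
$IP rule add fwmark 2 table modem2
$IP rule add fwmark 3 table web

# Table "web": multipath route with one next hop on each modem
$IP route add table web eql nexthop via 24.xxx.xxx.1 dev $MODEM1 nexthop via 200.xxx.xxx.1 dev $MODEM2

# Tables "modem1" and "modem2": one default route each
$IP route add default via 24.xxx.xxx.1 dev $MODEM1 table modem1
$IP route add default via 200.xxx.xxx.1 dev $MODEM2 table modem2

# Mark HTTP traffic arriving from the LAN with 3, which selects table "web"
$IPTABLES -A PREROUTING -t mangle -i $LAN -p tcp --dport 80 -j MARK --set-mark 3

# Turn off reverse-path filtering on both modem interfaces
echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter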

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Doesn´t work
  2004-09-18 21:31 [LARTC] Doesn´t work XMundo - Soporte Tecnico
@ 2004-09-18 22:18 ` Brent Clark
  0 siblings, 0 replies; 2+ messages in thread
From: Brent Clark @ 2004-09-18 22:18 UTC (permalink / raw)
  To: lartc

XMundo - Soporte Tecnico wrote:

>I have the following script, written by me, but it doesn't work correctly.
>Modem2 (eth2) sends the packets with the source IP of modem1 (eth0).
>
>I'm viewing it with snort (snort -i eth2 -Nv port 80).....
>
>Any idea?
>
>This is my script:
>##################################
>
>IP=/sbin/ip
>IPTABLES=/sbin/iptables
>MODEM1="eth0"
>MODEM2="eth2"
>LAN="eth1"
>
>$IPTABLES -A FORWARD -i $LAN -o $MODEM1 -j ACCEPT
>$IPTABLES -t nat -A POSTROUTING -o $MODEM1 -j MASQUERADE
>$IPTABLES -A FORWARD -i $LAN -o $MODEM2 -j ACCEPT
>$IPTABLES -t nat -A POSTROUTING -o $MODEM2 -j MASQUERADE
>
>$IP rule add fwmark 1 table modem1
>$IP rule add fwmark 2 table modem2
>$IP rule add fwmark 3 table web
>
>$IP route add table web eql nexthop via 24.xxx.xxx.1 dev $MODEM1 nexthop via 200.xxx.xxx.1 dev $MODEM2
>
>$IP route add default via 24.xxx.xxx.1 dev $MODEM1 table modem1
>$IP route add default via 200.xxx.xxx.1 dev $MODEM2 table modem2
>
>$IPTABLES -A PREROUTING -t mangle -i $LAN -p tcp --dport 80 -j MARK --set-mark 3
>
>echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
>echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter
>
Hi

Aren't you supposed to use PREROUTING?

Kind Regards
Brent Clark